Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS60458.roa
File:                     AS60458.roa (raw, json)
Hash identifier:          z2iMPPwUOJYXQT+thDQUdNPqQE9ZOFMjXrjVzdIng+Y=
Subject key identifier:   FD:87:71:98:EF:5D:D2:BD:09:9E:C6:FF:72:C2:26:0D:F3:28:36:ED
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       6B22FF3DCB1B0A24A3D21686AB5C850F415CB216
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS60458.roa
Signing time:             Sat 27 Jul 2024 00:05:19 +0000
ROA not before:           Sat 27 Jul 2024 00:00:19 +0000
ROA not after:            Sat 26 Jul 2025 00:05:19 +0000
asID:                     60458
IP address blocks:        191.101.151.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:22:ff:3d:cb:1b:0a:24:a3:d2:16:86:ab:5c:85:0f:41:5c:b2:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jul 27 00:00:19 2024 GMT
            Not After : Jul 26 00:05:19 2025 GMT
        Subject: CN=FD877198EF5DD2BD099EC6FF72C2260DF32836ED
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:47:5b:13:8b:1f:46:c9:0c:c9:bd:ba:72:08:
                    86:a6:56:c6:0c:3c:92:06:16:d1:ec:22:82:a1:55:
                    c4:1a:56:20:95:81:1d:3f:d1:b7:59:0d:6b:5e:d2:
                    15:db:91:bb:70:ae:8e:e5:56:ba:2b:61:4f:60:1b:
                    0e:69:aa:ca:1a:4e:8f:67:c4:f3:eb:ab:30:0b:65:
                    52:d7:93:71:d7:40:62:21:1b:75:fa:8b:21:b4:e2:
                    00:73:37:78:be:75:18:2d:58:78:b9:82:0c:39:36:
                    0a:62:92:6e:9c:08:ad:11:6f:8a:87:e9:92:76:ee:
                    88:04:73:ab:7f:67:69:05:09:18:9e:c0:b0:97:4d:
                    ee:9b:89:33:d4:79:e0:ab:f6:f5:0b:d1:4b:81:b3:
                    46:ca:79:88:ec:61:42:89:5c:ba:4c:d6:44:dc:87:
                    62:14:81:6a:ce:81:0e:5f:63:fa:9f:99:e0:10:6d:
                    c7:6c:d3:d9:2f:55:49:81:08:b2:fb:eb:a2:be:00:
                    0c:3f:53:9f:83:4a:24:3f:91:86:a0:51:94:2f:4d:
                    3e:5b:bd:94:81:b3:ef:b8:3d:e9:e0:41:b0:17:ce:
                    d3:3b:4e:cd:d0:ff:c0:0f:f1:10:54:c5:79:8d:31:
                    c4:51:1a:cc:0a:20:6b:07:46:99:e8:1f:c9:dd:07:
                    9a:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:87:71:98:EF:5D:D2:BD:09:9E:C6:FF:72:C2:26:0D:F3:28:36:ED
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS60458.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:67:bd:44:34:e2:2d:2e:81:c6:43:1b:24:28:40:3e:fa:b3:
         05:ed:1b:fe:ff:c7:ec:d4:2a:24:1d:f5:5e:15:1c:f8:35:45:
         bb:50:68:23:b9:30:2f:01:77:d2:ae:73:3f:07:d0:af:c3:f3:
         64:bb:c4:36:9c:4c:6e:61:92:36:c3:84:69:65:ee:f5:6b:94:
         02:e7:94:1f:49:ad:42:80:14:c7:87:06:4f:aa:d9:11:ad:6d:
         38:c7:f2:07:65:3c:0a:01:0b:56:be:d9:be:ba:d6:13:29:ac:
         31:a5:7b:7f:3b:80:05:82:09:83:a0:f2:a3:cf:8b:ff:a8:de:
         1d:43:78:46:49:2f:ef:87:90:ba:2f:b5:59:8b:a6:f1:f2:6b:
         cb:5b:29:b0:22:09:5d:77:a9:62:3d:51:81:68:f8:de:06:10:
         d9:10:d7:0c:4b:85:5d:37:26:8a:c3:a5:52:b6:dc:9f:3b:78:
         4e:56:57:f8:40:2f:02:6d:70:90:d8:ce:53:59:13:f3:b1:93:
         b8:c6:e8:a4:1b:53:1c:91:11:5f:90:3c:42:8f:7d:ad:96:a6:
         12:49:a5:8f:42:7a:27:65:79:13:e8:5e:8c:10:31:a0:cb:7d:
         eb:b3:9b:d2:62:96:4d:73:00:70:b7:25:93:56:aa:6f:e9:9b:
         a2:76:86:f1
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUayL/PcsbCiSj0haGq1yFD0FcshYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA3MjcwMDAwMTlaFw0yNTA3MjYwMDA1MTlaMDMxMTAvBgNV
BAMTKEZEODc3MTk4RUY1REQyQkQwOTlFQzZGRjcyQzIyNjBERjMyODM2RUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUR1sTix9GyQzJvbpyCIamVsYM
PJIGFtHsIoKhVcQaViCVgR0/0bdZDWte0hXbkbtwro7lVrorYU9gGw5pqsoaTo9n
xPPrqzALZVLXk3HXQGIhG3X6iyG04gBzN3i+dRgtWHi5ggw5Ngpikm6cCK0Rb4qH
6ZJ27ogEc6t/Z2kFCRiewLCXTe6biTPUeeCr9vUL0UuBs0bKeYjsYUKJXLpM1kTc
h2IUgWrOgQ5fY/qfmeAQbcds09kvVUmBCLL766K+AAw/U5+DSiQ/kYagUZQvTT5b
vZSBs++4PengQbAXztM7Ts3Q/8AP8RBUxXmNMcRRGswKIGsHRpnoH8ndB5pjAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU/YdxmO9d0r0Jnsb/csImDfMoNu0wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNjA0NTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC/ZZcw
DQYJKoZIhvcNAQELBQADggEBAFFnvUQ04i0ugcZDGyQoQD76swXtG/7/x+zUKiQd
9V4VHPg1RbtQaCO5MC8Bd9Kucz8H0K/D82S7xDacTG5hkjbDhGll7vVrlALnlB9J
rUKAFMeHBk+q2RGtbTjH8gdlPAoBC1a+2b661hMprDGle387gAWCCYOg8qPPi/+o
3h1DeEZJL++HkLovtVmLpvHya8tbKbAiCV13qWI9UYFo+N4GENkQ1wxLhV03JorD
pVK23J87eE5WV/hALwJtcJDYzlNZE/Oxk7jG6KQbUxyREV+QPEKPfa2WphJJpY9C
eidleRPoXowQMaDLfeuzm9Jilk1zAHC3JZNWqm/pm6J2hvE=
-----END CERTIFICATE-----